A proxy transformation technology is a technology of transforming a ciphertext without leaking ciphertext information. Specifically, assume that there are two users A and B, where the public key of the user A is pkA, and the private key of the user A is skA; and the public key of the user B is pkB, and the private key of the user B is skB. Using public/private key information of the users A and B may calculate a proxy relationship rkAB. The relationship is generally sent by the user A to a server S after the user A has calculated the relationship. When the server S acquires the proxy relationship rkAB, the server S may use rkAB to transform a message encrypted by pkA into a message encrypted by pkB. In the transforming process, the server S cannot see the plaintext of the message. After the transformation is completed, the user B may use the individual private key to decrypt the message and obtain the plaintext of the message. The technology has the following problem: if the server S acquires the proxy relationship rkAB from the user A to the user B and a proxy relationship rkAC from the user A to a user C at the same time and the server S is controlled by a malicious user, when the user A uses the individual public key pkA to encrypt a message and only hopes that the user B receives the message, the server S controlled by the malicious user may use the acquired proxy relationship rkAC to perform transformation, which enables the user C to obtain the message. The existing technical solution for solving the problem includes: using several servers to enhance security. Specifically, the user A calculates the proxy relationship with the user B, and divides the relationship into n parts, which are recorded as rk1AB, rk2AB, . . . , rknAB, and delivered to n servers, respectively. The user A uses the individual public key pkA to encrypt and send a message to the n servers, and the ith server uses the proxy relationship rkiAB to perform proxy transformation on the message and send the message to the user B. After the user B obtains transformation results of all the n servers, the user B may integrate all the results to obtain the message encrypted by using the public key pkB of the user B. Then, the user B may use the individual private key skB to decrypt the message. In the solution, the problem of “performing transformation without unauthorization of a user” is not entirely solved. The reason is that, although n servers are used, the malicious user may still control all the n servers to complete transformation without unauthorization, thereby causing information leakage. There is another technical solution that also needs to use several servers. The user B does not need to obtain transformation results from all the n servers, and only needs to obtain transformation results from any k (k≦n) servers and integrate the results to obtain the message encrypted by using the public key pkB of the user B. After that, the user B may use the individual private key skB to decrypt the message. The technical solution does not solve the problem of “performing transformation without unauthorization of a user”. When the malicious user controls greater than or equal to K servers, unauthorized transformation may be performed, thereby causing information leakage.